Past Projects

This page contains a list of software tools created by the
SIIS lab. Please contact siis@cse.psu.edu
if you have any questions regarding these tools.

Dare

Dare is a tool which retargets Android applications running on the Dalvik
Virtual Machine to traditional Java Virtual Machine .class files. These .class files can then be
processed by existing Java tools, including decompilers. Thus, Android
applications can be analyzed using a vast range of techniques developed for
traditional Java applications. Dare replaces Ded as a retargeting tool: it
is more accurate, more efficient, more powerful and can even handle cases
where the input code is unverifiable.

Dare was awarded the Best Artifact Award at the 20th International Symposium
on the Foundations of Software Engineering (FSE), recognizing its value as a
significant and high-quality tool. For more information, you can read the
paper "Retargeting Android Applications to Java Bytecode" by Octeau et al.,
published in the proceedings of the 20th International Symposium on the
Foundations of Software Engineering (FSE). For downloads, see the
Dare page.

Ded

Smartphone applications are frequently incompletely vetted, poorly isolated,
and installed by users without restraint. Smartphone research frequently needs
to understand how these applications behave. ded is a project which aims at
decompiling Android applications. The ded tool retargets Android applications
in .dex format to traditional .class files. These .class files can then be
processed by existing Java tools, including decompilers. Thus, Android
applications can be analyzed using a vast range of techniques developed for
traditional Java applications.

Fortify SCA

As part of the ded project, we developed custom static analysis rules for the
(now HP) Fortify Static Code Analyzer (SCA) tool. These rules test for a
breadth of security vulnerabilities and dangerous functionality, as described
in our USENIX Security paper.
The specific rules are explained in more detail
in our Technical Report.
The final Fortify SCA ruleset used for this paper is
available at the following link:
fsca_rules-final.xml.

Kirin

Kirin is a tool for lightweight certification of applications on the
Android mobile phone platform. When a new application is installed,
Kirin extracts security and configuration
policy accompanying the package to infer potential
runtime functionality. This functionality is compared against a criteria ruleset
containing undesired functionality. If the application fails to meet the
criteria, it is not installed. For more information on Kirin, see the
paper by Enck et al., "On Lightweight Mobile Phone Application
Certification," published in the proceedings of the 2009 ACM Conference
on Computer and Communications Security (CCS).

JLift

JLift is a static analysis tool for finding
information-flow errors
in Java programs. It is an extension of the Jif compiler to operate on
Java programs. It is similar to CQual/JQual, except that
it also detects implicit flows arising from conditionals and
exceptions. It has been used to successfully catalogue
information-flow errors in a number of server programs.

JLift is in a state of active development.
Dave King
is the maintainer of JLift. For more information see
the JLift page.

JPmail

JPmail is a secure email client which uses the security-typed language Jif
to get information-flow control guarantees. JPmail was developed in Jif
and utilizes some tools we built to handle high-level security policy, cryptography,
declassification and distributed policy. For more information, see the
JPmail page. For downloads, see the
JPmail downloads page.

Jifclipse

Jifclipse is an IDE for the security-typed language Jif built on the
Eclipse extensible development platform. Jifclipse provides a Jif
programmer with additional tools to view hidden information generated by
a Jif compilation, to suggest fixes for errors, and to get more specific
information behind an error message. For more information see the Jifclipse page.

Jif signature generator

The Jif language allows programmers to check that their programs are
information-flow secure. This requires that every source and sink in the
program be labeled, including library functions. Signatures are used to
specify the security behavior of library functions. Generating these
signatures by hand can be tedious. siggen automatically
generates signature files based on what external classes and methods a
Java or Jif program uses. For more information see the Jif signature generator
page.

TARP

TARP, the Ticket-based Address Resolution Protocol, adds security to address
resolution in IP networks. TARP was designed to implement security at a
minimal cost while maintaining interoperability with ARP.

bgpaddrmap

bgpaddrmap is a tool for examining the hierarchy of address
delegation in the Internet. Given a series of address blocks and the ASes
originating their advertisement, bgpaddr can estimate the address
delegation chain from IANA to the originator. A text report is generated,
as well as a graph file in dot format suitable for rendering with
graphviz.

Download the latest ignore
file, containing addresses and ASes that should not be processed by
bgpaddrmap (e.g., private IP address space, IP and AS bogons, etc.).

Aquinas

Recent web-based applications offer users free service in exchange for
access to personal communication, such as on-line email services and
instant messaging. The inspection and retention of user communication
is generally intended to enable targeted marketing. However, unless
specifically stated otherwise by the collecting service's privacy
policy, such records have an indefinite lifetime and may be later used
or sold without restriction. Aquinas protects a user's privacy from
these risks by exploiting mutually oblivious, competing communication
channels. It creates virtual channels over online services (e.g.,
Google's Gmail, Microsoft's Hotmail) through which messages and
cryptographic keys are delivered. The message recipient uses a shared
secret to identify the shares and ultimately recover the original
plaintext. In so doing, Aquinas creates a wired "spread-spectrum"
mechanism for protecting the privacy of web-based communication.